Report

Wget FTP recursive path concatenation uses unchecked sprintf

ff75ec13-ed05-44b6-b0f5-1c913e997f36

During recursive FTP retrieval, Wget concatenates the current directory and remote directory entry name into a newly allocated buffer. The allocation is based on strlen() of the components, but the actual write uses sprintf() with untrusted directory-listing data. That makes the path construction fragile and vulnerable to overflow if the size calculation and formatted output ever diverge or if the inputs are unexpectedly long.
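The pattern described above, next to a bounded form, as an added example that is not Wget's own code: the function names, the `"%s/%s"` format and the `MAX_REMOTE_PATH` limit are assumptions made for illustration. The checked version passes the allocation size to the writer and treats any mismatch between the computed and the formatted length as an error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fragile pattern: the size is computed in one place and the format string
   lives in another; nothing ties the two together at the point of the write. */
char *join_fragile(const char *dir, const char *name)
{
    char *out = malloc(strlen(dir) + 1 + strlen(name) + 1);
    if (out == NULL)
        return NULL;
    sprintf(out, "%s/%s", dir, name);   /* no bound passed to the writer */
    return out;
}

#define MAX_REMOTE_PATH 4096   /* assumed policy limit, not a Wget constant */

/* Bounded form: cap the input lengths (which also rules out size_t
   wraparound), hand the buffer size to snprintf, and verify the result. */
char *join_checked(const char *dir, const char *name)
{
    size_t dlen = strlen(dir), nlen = strlen(name);

    /* Enforces dlen + '/' + nlen + NUL <= MAX_REMOTE_PATH without overflow. */
    if (dlen > MAX_REMOTE_PATH - 2 || nlen > MAX_REMOTE_PATH - 2 - dlen)
        return NULL;

    size_t need = dlen + 1 + nlen + 1;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;

    int n = snprintf(out, need, "%s/%s", dir, name);
    if (n < 0 || (size_t)n != need - 1) {   /* truncation or size/format drift */
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* Constructed sample input standing in for a directory-listing entry. */
    char *p = join_checked("/pub/mirror", "file.txt");
    puts(p ? p : "(rejected)");
    free(p);
    return 0;
}
```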
